
Friday, 12 May 2017

5 things you need to do after the NHS hack

NHS hospitals across England have been hit by a large-scale cyber attack. A pop-up message demands a ransom in exchange for access to the infected machines.

NHS Digital said: “A number of NHS organisations have reported to NHS Digital that they have been affected by a ransomware attack which is affecting a number of different organisations”.



Whilst it’s too late to stop the current hack, this is a wake-up call for all. In this post, we will identify the steps needed to secure your own information now and in the future.

This is what you need to do
Be wary of emails from the NHS: Now is the perfect time for cyber criminals to strike through a phishing attack. Avoid downloading or clicking links in any emails coming from the NHS. Almost all malware is installed unknowingly by the victims themselves.

Change your passwords and security questions: Even if you haven't been hacked, change your password and security questions immediately. This is especially important if your email is connected in any way to your bank or a PayPal account.

Additionally, you should look to change the passwords in any other account that uses the same or similar security information. This ensures hackers cannot access other accounts through NHS information. It is also sensible to check your password recovery settings and ensure they have not been changed to a third party.

Avoid contacting your GP practice: Avoid contacting your GP practice unless absolutely necessary. Your local pharmacy can provide free and fast advice for non-urgent conditions.

Update your security settings and run a security scan: This is the time to make sure your computer is secure. Make sure you run a virus scan and have the most recent security updates on your operating system. If you don't have an anti-virus application, invest in a high-quality one like McAfee or Norton Antivirus. This is something you should be doing as best practice regardless of the issue.


Report it to the police: If you believe you have been hacked and are now the victim of identity theft or fraud, file a report with Action Fraud.

BBC report on Firebrand's police force cyber crime training

This morning, Firebrand Training’s unique Cyber Crime Pathways Programme featured on BBC Breakfast News.

The BBC covered an exclusive insight into how non-technical police officers are trained and skilled in the cyber security investigation and forensic techniques required to catch criminals.

The Cyber Crime Pathways Programme, delivered using our unique accelerated training approach, shows frontline police officers how to effectively respond to the rise in cyber crime across the UK.
Rory Cellan-Jones, the BBC’s leading technology reporter, watched as a team of police officers infiltrated a simulated hacker’s lair.

The high-pressure scenario required the police to utilise their training to efficiently find hidden devices and collect the forensic evidence needed to identify the cyber criminal.

Interviewed on BBC, DC Steve Mersh said: “It’s a case of learning the practical skills that we can utilise, no different to finding a gun at a crime scene that we can make safe from the public and attribute to the criminal”.



Missed it this morning?


Since the Cyber Crime Pathways Programme launched in 2014, Firebrand has trained 659 police officers across 80% of all police forces in the UK. Part of the 960 accelerated courses taken by police are hands-on, practical crime scene simulations like those featuring in the BBC programme.
At a time when you’re more likely to be a victim of a cyber crime than any other offence, the UK is dedicated to upskilling its force to combat this growing threat.

“Back in the day, the officers would simply turn up and literally just pull the electricity supply out of the back of the computer, bag it, tag it and send it away for a forensic investigation which could take months before they got back with anything meaningful” says Phil Chapman, Lead Cyber Security Instructor at Firebrand Training.

Phil continued: “We’re proud to provide accelerated cyber security training to local police forces across the UK. Cyber crime is one of the largest threats to businesses and consumers today - our police need the know-how to respond to this unique form of criminality.

“Firebrand has developed an amazing partnership with local police forces across the UK and we’re excited to share our ongoing work with the BBC.”

Get the skills you need, fast


It's not just the police force that needs to prepare for the growing threats of cyber attacks. With two-thirds of large UK businesses the victim of a cyber attack in the past year, it's time you secured your business.

Get the cyber security skills you need to defend your organisation, fast. Choose from 50+ accelerated cyber security courses covering the full requirements of your business across technologies and disciplines.

Monday, 16 January 2017

The 5 cyber security statistics you need to know in 2017

‘Cybercrime is the greatest threat to every company in the world’ says IBM’s CEO, Ginni Rometty. If you’re already working on boosting your security – or haven’t started yet – now’s the time. Here are five reasons why…


1. Cybercrime cost to hit £2.41 trillion a year - Juniper Research


Cybercrime is expensive. Get hit and you’ll feel it in your profits. For example, a successful DDoS attack will force your systems offline and can cost you upwards of £100,000 every hour. 2016 reported a 22% increase in cybercrime and it certainly didn’t go unnoticed in the media. Big names like Yahoo, TalkTalk, Tesco, Netflix, Sony and even the presidential election were victim to cyber-attacks.

Get EC-Council’s Certified Ethical Hacker certification to help defend against attacks.


2. Cyber security spending to exceed £815 billion by 2021 - CSO Online


Businesses continue to realise the need to spend more on cyber security products, like software and training. In 2016, over £6.5bn was spent worldwide on information security (Gartner).

Despite this growing demand for training, a 2016 government report highlights that there’s still much to be done for businesses. With just under a fifth of businesses ensuring their staff take part in cyber security training in 2016, staff and the general public are still too unaware of their responsibilities in this regard.  

3. Unfilled cyber security jobs to reach 1.5 million by 2020 - (ISC)² 


There’s a severe shortage of qualified cyber security professionals. What’s more, the average salary for a CISSP certified professional is now £62,500.

The effect of this shortage means businesses are struggling to implement the security measures needed. A recent study by Cybersecurity Ventures of over 1,000 IT Professionals globally found that IT security managers reported significant obstacles in implementing desired security projects due to lack of expertise (34.5%) and inadequate staffing (26.4%).


4. Four billion people online by 2020 (Microsoft)


Double the current number of people will be online by 2020. As 91% of attacks begin with email phishing (Mimecast), the potential exploitation for hackers here is massive. Avoid social engineering attacks by educating your employees on information security.

More worrying statistics concerning the growing number of employees online and with access to sensitive data came from AXELOS. They found that 75% of large organisations and nearly a third of small organisations suffered staff-related security breaches in 2015, and 50% of the worst breaches of the same year were caused by human error.

A simple and cost-effective way to test your employees' cyber security knowledge is through EC-Council’s Certified Secure Computer User (CSCU) test. This will help benchmark the cyber security awareness and competence of your workforce.


5. 200 billion IoT devices will need securing by 2020 (Intel)


More internet connected devices – from thermostats to fridges - in the hands of the public means more opportunities for hackers to infiltrate home networks.

Take a look at the recent hack of the DNS provider Dyn, which brought down major organisations, as a result of an army of 100,000 IoT devices being hacked. Dyn Vice President Scott Hilton stated that the compromised devices had been hit with the notorious Mirai malware that scans for IoT devices that are still using their default passwords. It then enslaves those devices to a botnet army, which was used to force Dyn offline.

As technology develops and individuals and businesses increasingly adopt these novel technologies, the phrase, “with great power, comes great responsibility” has never rung truer. 

Are you prepared for the next cyber-attack?  

Friday, 21 October 2016

Twitter, Spotify and Reddit taken offline by a DDoS attack. Is anyone safe!?

Distributed Denial of Service (DDoS) has struck again, this time knocking some of the largest websites offline, including the likes of Twitter, Spotify and Reddit.

Domain Name Servers (DNS) act as the Internet’s phone book. They facilitate your request to go to a certain webpage and make sure you are taken to the right place. So, when the DNS provider that gives you access to some of the world’s largest sites is hit by a DDoS attack, you and I can't access those websites.

The attack happened early this morning. Some websites are coming back for some users, but the problem is by no means fully resolved.

Dyn posted the following update on its website: “Starting at 11:10 UTC on October 21th-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available”.

Here’s a list of websites that readers have told us they are having trouble with:
  • Reddit
  • Spotify
  • Etsy
  • Twitter
  • PayPal
  • Yammer
  • Wired.com
  • Yelp
  • Starbucks
  • Airbnb
As these businesses slowly return to functioning as they should, a lot of us may just shrug it off and return to re-tweeting and streaming music. But often these attacks are used as 'smokescreens' to hack your personal and confidential information. So stay up to date with how this story unfolds. 

The frequency of DDoS attacks has sky-rocketed in the past couple of years and this attack only confirms this reality. Having increased 125% over the past year and with more than 2,000 attacks observed worldwide by Arbor Networks, it's time you secured your business.

The size and duration of these attacks are also on the rise, with a 35% increase in attack duration and a 73% increase in attack size since last year. Worryingly, the average size of an attack is 986Mbps, enough to take most organisations completely offline.



Make sure you're not next

Firebrand Training are offering a DDoS Defence in a Day training course aimed at teaching you the skills to avoid being the next headline of a DDoS attack. We’ll educate you on the growing threat and ramifications of a DDoS attack.

In just one day you'll:
  1. Understand a DDoS attack, how it's executed and the implications to your business
  2. Experience demonstrations of DDoS attacks and their effects in real-time
  3. Learn the tools to detect, analyse and mitigate DDoS attacks
DDoS attacks have become commonplace. Learn the skills to protect your business before it’s too late. 




Get the skills to defend against a DDoS attack!

Falling victim to a Distributed Denial of Service (DDoS) attack can cost your business £1.2 million in damages. In the past year alone, DDoS attacks have increased 125% in frequency and 35% in attack duration and the average DDoS attack is now large enough to throw most organisations completely offline.

It’s time you ask yourself, how well can I defend myself and my business from a DDoS attack?

To help you answer this and get educated on the growing threat and consequences of a DDoS attack, Firebrand have launched a one-day DDoS Defence training course in the heart of London this December. In this short, accelerated training you’ll:
  • Understand a DDoS attack, how it’s executed and the implications to your business.
  • Experience demonstrations of DDoS attacks and their effects in real-time
  • Learn the tools to detect, analyse and mitigate DDoS attacks
If you're looking to avoid the relentless, everyday threats of a DDoS attack, this is the event for you. You’ll leave us with a clear understanding of what a DDoS threat is and how you can bolster your defence against such attacks.

 What is a DDoS attack and why do I need to know about it?


A DDoS attack is an attempt to overwhelm an online service with traffic from multiple sources. In short, it prevents legitimate users from accessing a server’s information or services because it is overloaded or ‘flooded’ with requests.

The ramifications of this kind of attack on your business are huge. The costs of being forced offline can exceed £100,000 per hour. If you’re not as fortunate, costs may escalate up into the millions. This was found in a survey where 21% of IT professionals said a DDoS attack would cost their business more than £50,000 per hour. Following this, 52% of consumers are found to lose trust in your organisation as a result of the outage.

The potential repercussions can include financial losses, reputational damage, consumer agitation and legal issues.

On our DDoS Defence in a day event, you will not only learn what DDoS is and why it should top your chief of security's list of fears, but you'll also learn the real-life practical skills you can use to defend your business.  

Think this won’t happen to you?


There’s no doubt that DDoS attacks are now commonplace yet there is still a clear disconnect between people acknowledging the risk of DDoS and doing something to mitigate it. With 124,000 DDoS attacks observed worldwide each week, the failure to prepare yourself for this threat means it’s a matter of when and not if you join the long list of organisations thrown offline.

And it’s not just small businesses that need to be worried. The BBC, MI5, HSBC and PayPal are all recent victims of a DDoS attack. The damages range from being forced offline for several hours to millions in damages. PayPal experienced 3.5 million in damages and had 100 workers spend three weeks repairing the damage following a DDoS attack.

Here’s (some of) what you’ll cover:

  • Demonstrations of DoS attack tools and their effect
  • Using simple widely available tools to launch DoS attacks to highlight the skill levels required
  • The concepts of DDoS: moving from a single source to multiple sources, amplification and reflection
  • Demonstration of Botnet launching a DDoS attack, controlled from a single source
  • Mitigation measures for DoS and DDoS, including services provided and methods used
  • NCA national DDoS strategy

What you’ll get:

In addition to excellent training from one of our most experienced cyber security experts, you’ll receive:
  • Five free EC-Council CSCU exam vouchers worth £495: The Certified Secure Computer User exam is an easy way to benchmark the IT security knowledge of you and your staff. These will be provided before the course.
  • Seven hours of learning towards maintaining your certifications with CPEs: Contribute to Continual Professional Education for maintaining certifications from IT security vendors including EC-Council, (ISC)2 and ISACA.
  • Courseware and tools: All course materials including access to the tools demonstrated will be provided for future use.
  • Lunch, snacks and refreshments: These will be provided throughout the day. 

Who should attend?

This course, which combines both theory and practical examples, is ideally suited to both technicians and managers responsible for cyber security. Whether you're defending on the front line or managing strategy, this course will be of benefit in preventing DoS.

Want to find out more?

If you’re interested in keeping your business safe then join us on December 20th for a one-day training event in Central London. 

If you want to find out more or purchase tickets, please visit our course page

If you have any unanswered questions then just drop us an email at one@firebrandtraining.co.uk



Wednesday, 14 September 2016

Defend your network with the new Certified Network Defender certification

Today, EC-Council launches their highly anticipated Certified Network Defender qualification. This exciting new certification focusses on developing the critical skills needed to protect, detect and respond to attacks on your network. A much needed skillset in a world plagued by cyber attacks.  
In this post we'll take a closer look at the certification and why it's so crucial for the industry.

Businesses have woken up to the ever present threat of cyber attack 


In today’s growing technological world, organisations are painfully aware of the threat of cyber breaches and the inadequacies of their preventative measures. In fact, a Government study has found that 51% of UK businesses experienced a security breach in the past 12 months. UK Digital Economy Minister Ed Vaizey emphasised just how “crucial” security is, with “too many firms losing money, data and consumer confidence” as a result of the vast number of cyber attacks.

While the number of cyber attacks multiplies rapidly like infectious bacteria, the demand for individuals certified in cyber security has far outpaced supply. Findings suggest that 7 of the 10 cyber breaches on UK companies could have been prevented, pointing at a lack of industry knowledge. Furthermore, 28% of organisations experienced a shortage of network security specialists and by 2019 it's expected that the demand for cyber security skills will triple the supply of personnel available.


What can the CND do?  


Why is it that some businesses lock their doors and put on an alarm, yet they leave their most valuable data completely unprotected? A business's network is its first line of defence against cyber attacks. Unfortunately, set up incorrectly, it can be an open door to cyber criminals. Once they're in, they can infect your database, install ransomware and compromise your applications.

The CND, built from a common body of knowledge, focusses on defence.  It is made up of 14 of the most current network security domains, aimed at upskilling network administrators with the knowledge and skills to protect, detect and respond to network security threats. 
As network administrators are familiar with network components, traffic, performance and utilisation, network topology, location of each system and the security policies, they can play an increasingly significant role in becoming the first line of defence for any organisation.   
The course outline was devised by a series of surveys and industry related interviews with lead security managers to address the shortcomings within their existing workforce and organisation. The result is the following 14 modules: 
  1. Computer network and defence fundamentals 
  2. Network security threats, vulnerabilities and attacks 
  3. Network security controls, protocols and devices 
  4. Network security policy design and implementation  
  5. Physical security  
  6.  Host security  
  7. Secure firewall configuration and management 
  8. Secure IDS configuration and management 
  9. Secure VPN configuration and management  
  10. Wireless network defence 
  11. Network traffic monitoring and analysis  
  12. Network risk and vulnerability management 
  13. Data recovery and back-up
  14. Network incident response and management  

So what makes the CND so special? 


More than just a certification catered to the current needs of the market, the CND course boasts other impressive features: 
The course is made up of 50% hands-on labs and practical work. The benefit of this skills-based, lab intensive program is that you gain invaluable real-world experience in the event of a real breach.  

Unlike many other certifications, the CND course has shifted its focus from the technology used in security, to the operations and processes involved in securing a network. EC-Council liken this focus on operations over the transitory technology to learning mathematics without a calculator. Rather than mindlessly using technology, you’ll learn the why and the how. The benefit of this is that you’ll develop a more holistic, in-depth understanding of security that can help you better protect your organisation.  

Additionally, the CND being a vendor-neutral certification speaks again to the wide audience this certification will benefit as it means the skills can be taken away and transferred to the various technologies organisations use.  



Certification and Training Details 


Available now, Firebrand is delighted to launch the accelerated CND certification course alongside EC-Council.  

The course will be 4 days in duration including the exam, 20% faster than traditional training. As Firebrand is an official provider of EC-Council certifications, you will benefit from certified instructors and official material, giving you the best chance to pass.

Firebrand has just been awarded EC-Council Accredited Training Centre of the Year for the eighth successive year, so you know you're in safe hands.

The Certified Network Defender credential has replaced EC-Council’s ENSA v4.0, which is set to be retired on March 13th 2017.  
  



Thursday, 11 August 2016

Why CISSP is a must have certification, now more than ever


(ISC)2's CISSP course is essential if you're pursuing a senior role in Information Security. CISSP provides an extensive overview of the Common Body of Knowledge (CBK): a compendium of information security practices and standards compiled and continually updated by (ISC)2.

CISSP is integral in developing an extensive understanding of information security and has gained importance as a key component in the selection process for management-level information security positions. But, for those that are unfamiliar, here are the top reasons why CISSP is the certification to choose, now more than ever.


1. Worldwide recognition:


A certification is only as good as the recognition attached to it. Unlike many standard certs, CISSP boasts industry-wide recognition, acknowledged in 2015 by SC Magazine (for the fifth time) as the ‘Best Professional Certification Program’.

This Gold Standard credential is not only recognised by the world’s leading multinationals - such as Google, IBM and P&G - it’s also deemed a requirement in 56% of cyber jobs in the contracting industry. If you’re looking to take on the complicated world of IT security, a CISSP certification is a must have.






2. Job competence:


The 2015 (ISC)2 Global Workforce Study found that the attributes that best characterise ‘successful’ information security professionals came down to a broad understanding of the security field, communication skills and awareness of the latest security threats.


2015 (ISC)2 Global Information Security Workforce Study

CISSP’s core content, seen in the domains listed below, actively seeks to develop this wide range of information and security management. The CISSP CBK consists of the following eight domains:
  • Security and Risk Management: Addresses a broad spectrum of general information security and risk management topics.
  • Asset Security: Addresses the collection, handling and protection of information throughout its life cycle. 
  • Security Engineering: Is the practice of building information systems and related architecture that continue to deliver the required functionality in the face of threats that may be caused by malicious acts. 
  • Communication and Network Security: Encompasses the network architecture, transmission methods, transport protocols, control devices and the security measures used to maintain the confidentiality, integrity and availability of information transmitted over both private and public communication networks. 
  • Identity and Access Management: Involves provisioning and managing the identities and access used in the interaction of humans and information systems, of disparate information systems and even between individual components of information systems. 
  • Security Assessment and Testing: Involves the evaluation of information assets and associated infrastructure using various tools and techniques for the purposes of identifying and mitigating risk. 
  • Security Operations: Involves the application of information security concepts and best practices to the operation of enterprise computing systems.
  • Software Development Security: Involves the application of security concepts and best practices to production and development software environments. 
The Global Workforce study also compares the job roles of (ISC)2 members versus non-members. 

The findings show those with an (ISC)2 certification such as CISSP, although in possession of a wide range of information, are more likely to take on specialised job roles. Examples of such specialist positions include Security Consultant, Security Architect, Information Assurance Manager or Security Advisor. Nannette Ripmeester, founder of Expertise in Labour Mobility, believes these “specific skills are valued more [by employers] because they are more difficult to teach”. Non-members, however, are more likely to have generalist IT roles such as Network Administrator, Security Systems Administrator or Technical Consultant. 



3. (ISC)2 Membership:

Once you have completed an (ISC)2 certification and subject to annual maintenance fees, you become an (ISC)2 member. This membership offers plenty of resources and benefits that can help further your knowledge and network. Some of these include:

  • Access to a vast network: With over 110,000 members across 160 countries, you will gain access to other CISSP certified individuals and the shareable knowledge of this community. 

  • The opportunity to earn CPEs - critical for maintaining your certification in good standing

  • Discounts on industry conferences and access to free online events. 

  • Access to industry-leading research: Includes the ISC Journal and the Global Information Security Workforce Study. 
  • Security central: An exclusive resource that researches and tracks vulnerabilities using proprietary, state-of-the-art algorithms to aggregate, categorise and prioritise vulnerabilities affecting tens of thousands of products.
  • Industry recognition: An event acknowledging distinguished information security professionals. 
  • Digital badges: Allows you to share your credentials online through the use of a badge.

4. Earning potential:


The CISSP certification proves you have the advanced skills, knowledge and commitment required, to command higher wages.

The challenging standards require students to have at least 5 years of experience in two of the eight (ISC)2 domains listed above. Additionally, the student must complete a 250 question multiple choice exam in order to be officially certified.

Although a difficult process, requiring students to fully understand the CBK and framework of information security practices and standards, the return on investment makes it one of the most highly sought after courses available. 


Those with a CISSP certification command an average salary of £76,700, compared with £62,500 for similar job titles without a CISSP certification.



5. Growing demand for Security Professionals/Higher spending on IT security:


CISSP has been, and is likely to remain, a well-performing certification, but what makes it so special today?

As businesses become increasingly dependent on information technology, cyber security has never been so important. Cybersecurity Ventures projects $1 trillion will be spent globally on cyber security from 2017 to 2021. Editor-In-Chief, Steve Morgan, stated that “IT analyst forecasts are unable to keep pace with the dramatic rise in cyber-crime”. Forbes echoed this in a recent article, stating that the booming cyber security market is expected to grow from $75 billion in 2015 to $170 billion by 2020.

Despite the industry experiencing rapid growth, (ISC)2 found that by 2019 there will be a shortage of 1.5 million information security professionals. So, not only is CISSP a qualification that can propel your IT career, its current high demand in a growing industry makes 2016 the best time to start.





Tuesday, 12 July 2016

A Look at the Cyber Security Apprenticeships

Guest Author: Annabelle Harris

UK Government and businesses are consistently under threat from cyber attack. It is now estimated that the UK has spent approximately £18-27 billion in defending against these types of attacks. With an ever increasing threat, the number of skilled IT security professionals required is not developing fast enough, creating a large and growing cyber-security ‘skills gap’.

In a bid to close the gap, the Government has introduced new cyber security apprenticeship standards. Paired with significant financial backing, the aim is to increase the number of cyber experts as effective security aids to protect against a data breach’s far-reaching effects.


The two new apprenticeships are titled Cyber Intrusion Analyst and Cyber Security Technologist. In this post we will take a closer look at the two: the skills they teach and the funding available.


Cyber Intrusion Analyst:


An apprentice that has taken the role of Cyber Intrusion Analyst will learn how to detect breaches in network security for escalation to incident response or other determined function.

A Cyber Intrusion Analyst will benefit from a range of automated tools to monitor networks in real time. They’ll interpret and understand the alerts that are automatically generated by those tools, including integrating and correlating information from a variety of sources and in different forms and, where necessary, seek additional information to inform the Analyst’s judgement on whether or not the alert represents a security breach.

The apprentice will often be part of, or lead, a team when working. They will also be required to cooperate with external stakeholders.

With a Cyber Intrusion Analyst apprenticeship you will develop the skills to work in a range of different job roles including:

Secure Operations Centre (SOC) Analyst, Intrusion Analyst, Network Intrusion Analyst, Incident Response Centre (IRC) Analyst and Network Operations Centre (NOC) Security Analyst.

This apprenticeship is ranked a Level 4 apprenticeship and its duration is typically 24 months.

For this apprenticeship, the maximum government contribution is £18,000, and the contribution of the business is £9,000.

This particular apprenticeship is also eligible for additional incentive payments including:

  • 16 – 18 year olds: £5,400 
  • Businesses with less than 50 employees: £2,700 
  • Successful completion: £2,700 


Cyber Security Technologist:


An apprentice that has taken on the role of Cyber Security Technologist will learn how to apply an understanding of cyber threats, hazards, risks, controls, measures and mitigations to protect an organisation's systems and people.

The apprentice will work in a selection of areas, including security design and architecture, operations, risk, governance and compliance, security testing, investigations & response. Their goal is to accomplish required security results in a legal and monitored framework in all areas of the economy. As well as that, they will develop and apply a practical understanding of information security to provide solutions that fulfil an organisation's requirements.

A Cyber Security Technologist apprenticeship can open doors to many job roles such as: Cyber Operations Manager, Security Architect, Penetration Tester, Security Analyst, Risk Analyst, Intelligence Researcher, Security Sales Engineer, Cyber Security Specialist, Information Security Analyst, Governance & Compliance Analyst, Information Security Assurance & Threat Analyst, Forensics & Incident Response Analyst, Security Engineer, Information Security Auditor, Security Administrator, Information Security Office.


Just like the Cyber Intrusion Analyst apprenticeship, this apprenticeship is ranked a Level 4 apprenticeship and its duration is typically 24 months.

For this apprenticeship, the maximum government contribution is £18,000, while the contribution of the business is £9,000.

This particular apprenticeship also attracts the following incentive payments for employers:

  • 16 – 18 year olds: £5,400 
  • Businesses with fewer than 50 employees: £2,700
  • Successful completion: £2,700 



Monday, 20 June 2016

How Lord Hague’s talk at InfoSec 2016 affects you

 By Sarah Morgan


It is vitally important to be aware of what is changing in the cyber security industry so you and your business aren’t left vulnerable to cyber attacks. The keynote speaker at InfoSec 2016, the Right Honourable Lord Hague of Richmond, gave some valuable advice to UK businesses on how to ensure their IT security can be successful in the long term. Here, we break down what these comments mean for you, your business and the industry as a whole.


“Move with the times”


Lord Hague’s speech mainly focused on how industry leaders need to be particularly aware of the “critical economic importance” of cyber security. In 2015 it was reported that cyber attacks cost the UK economy £34 billion a year, affecting 1 in 4 UK businesses. This reinforces that all businesses are at risk of an attack and cannot afford to become complacent about IT security.


He went on to recognise that the speed of technological growth is having huge implications for the IT security measures businesses need to take. He warned, “being connected has a real price on security”. Alongside this, he cited the recent hacks of Mitsubishi and Jeep: by embracing new technologies and adding Wi-Fi connectivity, the manufacturers have made their vehicles hackable.

However, the former Conservative leader did present an encouraging solution to the industry. He asked business leaders to work together to create “a network of partnerships”. There was emphasis on the need for change, “moving with the times”, embracing technological advancement and strengthening cyber security together.

Hague then reinforced that creating partnerships can help us achieve this. Increasing and nurturing partnerships increases inter-business communication, shares skills and technology and grows opportunities to improve security. The average cost of a cyber attack is increasing by 14% year on year, which highlights the need to invest more time and money to protect our businesses.

Lord Hague’s InfoSec 2016 speech reinforces the industry-wide need for more IT security skills to protect the data and finances of UK businesses. His focus on forming security partnerships as a long-term solution places the responsibility on the collective shoulders of business leaders to work together, improving security infrastructure. With these new partnerships in place, businesses will be able to develop the skills of security professionals, collectively strengthening the nation’s IT security.


How does this affect my business?



The frequency and sophistication of cyber attacks are increasing. Just last week MySpace were the victim of what could be the largest attack ever, with 427 million passwords breached. These hacks could have financial costs of many millions for MySpace. The need for all businesses to increase their IT security efforts, ensuring they don’t lose vast amounts of sensitive data and enormous sums of money, has never been higher.

However, tightening IT security is a complex task. This need could not have come at a worse time, as there currently aren’t enough skilled cyber security professionals to meet demand. (ISC)²’s 2015 Global Information Security Workforce Study projects a shortfall of 1.5 million unfilled roles in five years’ time. This will make it difficult for the industry to implement the changes Lord Hague is anticipating. Therefore, in order to protect your business and build IT security partnerships, it is vital to develop the skills of your IT security professionals.


How do I ensure my business is protected?



Businesses need to take immediate action, starting with increasing their cyber security skills. Extra commitment is now coming from the government to support this. For example, an investment of £1.9 billion into cyber security was announced by the government back in November 2015. Much of the government money will be invested in the two new Cyber Security apprenticeships, Analyst and Technologist. This will give businesses funding to bring new professionals into IT security and boost their skills. It will also give businesses opportunities to increase their investment in IT security training, improving the skills of established IT security professionals.


Improve the cyber security skills in your business


Outside of apprenticeships, there are certifications and training courses at every level of IT security that can give your business skills throughout every level of the organisation. For example, your team can take entry-level courses like CompTIA’s Security+, which builds upon IT foundations. After five years of security experience, your team can progress onto courses like ISACA’s CISA or CISM, gaining the beginnings of specialisation in the technical or management areas of IT security. Once your team have developed their skills further and have more experience, they can gain advanced skills with certifications like (ISC)²’s CISSP or CCSP. Alternatively, your team can specialise with EC-Council’s Certified Ethical Hacker.

Plus, Firebrand have now added five new cyber security courses that teach you the latest cyber security skills to protect your business:



Firebrand’s accelerated cyber security courses are the fastest way to improve and validate your specific security skills, before you’re hacked and facing enormous costs.


About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.